On May 08, 2025, the Reserve Bank of India (RBI) issued “The Reserve Bank of India (Digital Lending) Directions, 2025” (the Directions) to reduce consumer risk, enhance regulatory oversight, and ensure more responsible lending behaviour across the rapidly growing digital credit ecosystem in India. This new directive aims to strengthen transparency between borrowers and Regulated Entities (REs) with respect to data privacy, cybersecurity, and the protection of borrowers within the digital lending ecosystem, as well as ensure fair practices in the digital lending operations across the country.
The Directions aim to bring accountability, uniformity and clarity to digital lending practices undertaken by the REs in India. These Directions supersede and replace the previous Guidelines on “Digital Lending” dated September 02, 2022, “Default Loss Guarantee (DLG)” dated June 08, 2023, and “Loans Sourced by Banks and NBFCs over Digital Lending Platforms: Adherence to Fair Practices Code and Outsourcing” dated June 24, 2020.
What is Digital Lending?
Digital Lending refers to managing and providing loans online through digital lending platforms, which simplifies the borrowing process by allowing borrowers to apply for loans without having to visit a Bank.
Salient Features of the Directions
Applicability
The provisions of these Directions relating to digital lending apply to all the Commercial Banks, Primary (urban) Co-Operative Banks, State co-operative Banks, Central Co-operative Banks, Non-Banking Financial Companies (including Housing Finance Companies) and All-India Financial Institutions, operating in India.
Assessment of the Creditworthiness of the Borrower
As per the directions, REs must obtain necessary information related to the economic profile of the borrower for assessment of their creditworthiness before extending any loan, and keep such profile on record mandatorily for audit purposes. Further, the REs must also ensure that there is no automatic increase in credit limit unless the borrower receives, evaluates, and records an explicit request for such an increase.
Protection of the Customers and Transparency
The Directions mandates all the REs to provide a Key Fact Statement (KFS) with clearly stated terms, including interest rates, fees, and penal charges to the borrowers. It also mandates all the REs to provide digitally signed documents like KFS, summary of loan products, sanction letter, terms and condition, account statements, privacy policies of the RE/Lending Service Provider (LSP) with respect to storage and usage of data of borrower etc., and the same shall automatically flow to the borrower on the registered and verified SMS/email upon execution of the loan contract/transactions.
In case of a loan default, when a recovery agent is assigned for recovery or there is a change in the recovery agent already assigned, the details of such recovery agent are required to be communicated to the borrower through SMS/ email before the recovery agent contacts the borrower for recovery. Further, the directions also ensure that loan disbursals and repayments are made directly between the REs and borrowers without routing through the third-party accounts. Para 10 of the Direction stipulates the procedure for the cooling-off period, which allows the borrowers to exit loans without penalty.
Grievance Redressal Officer
Every RE and LSP which has an interface with the borrower must designate a nodal grievance redressal officer to deal with digital lending-related issues/ complaints raised by the borrower. Further, if any complaint lodged by the borrower against an RE or LSP engaged by the RE is rejected wholly or partly by the RE, or the borrower is not satisfied with the reply, or the borrower has not received any reply within 30 days of receipt of complaint by the RE, the borrower can lodge a complaint on the Complaint Management System portal under the RBI-Integrated Ombudsman Scheme, 2021.
Due Diligence and Reporting to Credit Information Companies (“CIC”)
As per the Directions, RBI mandates that the digital lending by REs that involves LSPs must be carried out under a contractual agreement between the REs and the LSPs, and the said agreement must clearly define the respective roles, rights, and obligations of each party. REs are also required to conduct enhanced due diligence before partnering with an LSP for digital lending. REs are also required to carry out periodic reviews of the conduct of LSPs and guide LSPs on how to act responsibly if they are acting as recovery agents.
Furthermore, the REs must ensure that any lending done through their DLAs and/or DLAs of LSPs is reported by them to CIC, irrespective of the nature/ tenor of the loan. REs must also ensure that LSPs, if any, associated with such deferred payment credit products abide by the extant outsourcing guidelines issued by the RBI and are guided by these directions.
Data Protection, Technology and Privacy Policy
The Directions mandate that the data collection by DLA of REs and DLA of their LSPs be need-based, with the explicit consent of the borrower at every stage. Further, explicit consent is required from the user to share their information with third parties, and the most personal information collected by LSPs should not be stored, except for some basic minimal data. Further, phone data of the borrower, such as media & files, contact list, call logs, telephony functions, etc., must not be accessed. The REs are also responsible for ensuring that all the LSPs they engage have a comprehensive privacy policy, including details of third parties that may be allowed to collect personal information through the DLAs. It also mandates that all the data collected must only be stored in servers located within India, and in case the data of the borrower is processed outside India, the same must be deleted from the servers outside India and brought back to India within 24 hours of processing. Lastly, the REs have the responsibility to ensure the data security and privacy of the personal information of the customer.
Newly Added Provisions by the RBI
The RBI has, for the first time, added the following two instructions in the Directions, 2025:
- RE-LSP Arrangements Involving Multiple Lenders
Paragraph 6 of the Directions stipulates the arrangements involving LSPs partnering with multiple REs. In cases where an LSP enters into Digital Lending arrangements with multiple REs, each RE must be responsible for ensuring adherence to the following:
- LSP must provide a digital display of all loan offers that match the borrower’s request on DLAs and fulfil the borrower’s requirements. Also, the names of the unmatched lenders shall be disclosed in the digital view.
- LSPs may adopt any mechanism for matching the borrower’s request with the lenders to offer a loan. However, they must follow a consistent approach for similarly situated borrowers and products.
- There must be a full disclosure of loan terms to the borrowers.
- All the content displayed by the LSP must be unbiased and objective and must not directly/indirectly promote a product of a particular RE on the platform to the exclusion of the others.
The above provision will come into force from November 01, 2025.
- Reporting of DLAs to RBI- Operationalisation of Public Directory of DLAs
To promote transparency and regulatory oversight in the digital lending ecosystem, REs must mandatorily report all DLAs associated with their lending operations to the RBI through the Centralised Information Management System (CIMS) portal to create a transparent public directory of legitimate DLAs as per Paragraph 17 of the Directions. Further, the Chief Compliance Officers of REs or any other official designated by the board of REs must certify the accuracy of submitted data. They must also ensure compliance with all regulatory instructions. Additionally, all customer issues and grievances concerning DLAs shall be addressed and dealt with by the REs directly.
The directions mandate the REs to ensure that the reporting in respect of all DLAs on the CIMS portal is completed by June 15, 2025.
Default Loss Guarantee (DLG)
The Directions have consolidated the provisions of “the Guidelines on Default Loss Guarantee (DLG) in Digital Lending dated 08.06.2023” while incorporating certain new measures regarding DLG. It mandates the REs to enter into DLG arrangements only with an LSP or other RE engaged as an LSP. It also mandates that the LSPs providing DLG must be incorporated as a company under the Companies Act, 2013. The REs, including an RE acting as DLG provider, entering into any DLG arrangements, must adopt a board-approved policy outlining procedures of due diligence, eligibility, monitoring & review, and details of the fees, if any, payable to/ received by the DLG provider.
The provisions of the Directions strictly restrict DLG arrangements for revolving credit facilities and loans already covered by existing credit guarantee schemes. Notably, the RBI caps the DLG exposures to 5% of a fixed loan portfolio at any time. Furthermore, the contractual terms, disclosure provisions, invocation & tenor timelines and NPA recognition have been specified to ensure legal enforceability and transparency.
Conclusion
The Directions establish a significant step towards making digital lending in India more cautious, fair, and, most importantly, transparent. With the extremely exponential growth of the credit service system offered digitally, facilitated by fintech firms and third-party platforms, there has been an imperative need for a robust and uniform regulatory framework. The Directions are focused on uplifting and safeguarding the rights of borrowers, thereby establishing a borrower-centric approach model in the fintech sector.
The Directions have laid down several guidelines to uphold fairness, clarity, and accountability, from imposing clear disclosure of loan terms and ensuring direct disbursal of funds to limiting private data collection and modulating recovery practices. For borrowers, it cues a more secure, safe, and unprejudiced e-credit experience. For lenders, it signifies a strengthened preparedness for compliance and modification of their operational framework. Above all, the Directions reiterate the role of the RBI as an active regulator committed to balancing innovation, consumer protection, and financial integrity in an increasingly digital economy.
Author: Manisha Singh and Tanya Chowdhary
First Published by: Mondaq here